Down the Security Rabbithole Podcast (DtSR)

TL;DR: Erik Bloch and Anton Chuvakin join James, Jim, and myself to talk about why security metrics in the SOC ....suck. It's an interesting predicament, and one I'm sure Anton has been ranting about since he first got his 486/DX2 66. Or maybe not. It's an interesting topic because if we're measuring crap, that means something. Or does it even matter?Link to Erik's epic post: https://www.linkedin.com/posts/erikbloch_tinkertribe-secops-soc-activity-7245132473355919360-5v_B?lipi=urn%3Ali%3Apage%3Aorganization_admin_admin_page_posts_published%3B8719005b-91f9-4fdd-9cbc-4c75b2b70b00Does anyone read these show notes? Should I bother still writing them up?YouTube Video: https://youtube.com/live/0O6XzDqbGUIHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's episode is a special one. I've been a fan of Security Onion for a long, long time and this week Jim Tiller and I welcome Doug Burks its creator to the show. Doug gives us his story of how he started the iconic security platform and where it's going next. Don't miss this sit-down that's been far overdue. Congrats to Doug and his team on the longevity and continuing to push the envelope.YouTube video: https://youtube.com/live/25ahe0k58N4Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

This conversation features Jason Clark, an expert in data protection, and Nathan Smolenski, who focuses on data-related challenges in cybersecurity. They dive into the transformative role of AI in data classification, showcasing advancements that traditional methods can’t match. The duo discusses evolving data management strategies, emphasizing efficient data governance and loss prevention. Listeners are treated to insights on the growing landscape of cybersecurity and the importance of teamwork, all wrapped in a lighthearted take on themed camaraderie.

TL;DR: This week Jason Clark and Nathan Smolenski join Jim Tiller and I on part 1 of a 2-part series on data security. It's a topic whose time has come, and we're going to start in part 1 with fully analyzing the problem, how we got here, and just how ugly the beast is.YouTube vide: https://youtube.com/live/Qps-4NSEI-4Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's episode features Aaron Bray, CEO of Phylum. We use this episode as a complete primer on SBOM (Software Bill of Materials). We cover the typical "lot of ground" but try to answer the question of what SBOMs are, how they're useful, and what you as practitioners can do now that you have them.YouTube video: https://youtube.com/live/KHiDJt8SnZ0Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week's episode sees the return of Mr Jeff Collins (of WanAware fame) as we talk over the long-prophesied death of vulnerability scanning. Maybe. What does the cloud have to do with the demise of vulnerability scanning? Listen and find out... I think you may find this relevant.This time, YouTube Video, is required viewing...trust me on this.YouTube Video: https://youtube.com/live/U3BsGXRV0L4Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This week, part 2 of the SAP ("Critical Enterprise Apps") discussion where Tom Venables & Jay Thoden van Velzen get a little more in-depth on what it takes to secure SAP and ensure that there's more than just a firewall between imminent disaster and your business. Jim TIller guest-hosts this in-depth episode, and we invite you to grab a notepad, and take some notes!Part 1 is here, listen to it first.YouTube Video: https://youtube.com/live/iH_mg4Hu0tcHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This episode is a "walk-around" episode, where I walked around Black Hat 2024 and ran into some friends to talk about what we're seeing, anything that caught their attention, and some other interesting insights in short-form recordings. I hope you enjoy listening to Lamont Orange, Aaron Bray, Alex Humphrey, and Rick Holland as much as I enjoyed the conversations.No video for this episode.Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: Have you ever wondered what it would be like to be responsible for security for an entire county? That job encompasses a massive amount of responsibility - but I'll let Doug Cavit, the CISO of Snohomish County, Washington tell us about it. What a resume, and what an incredible job Doug has.YouTube Video: https://youtube.com/live/selNfh5gQAUHave something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast

TL;DR: This episode was one of our awesome LinkedIn Live episodes - if you missed it, join us on LinkedIn and never miss another! On this one, James Robinson (CISO at Netskope) talks with Rafal and James with guest-host Jim TIller about the possibilities we have with SaaS, data protection, and the whole mess we've made over the last 20+ years of "data everywhere". Big thanks to Netskope for providing the excellent James Robinson onto the show!YouTube Video (if you prefer YouTube): https://youtube.com/live/8MnpK0H9az0Have something to say? Let's hear it.Support the show>>> Please consider clicking the link above to support the show!-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=YouTube home: https://youtube.com/playlist?list=PLyo0dkKRvfVtWXjRxNISrhme1MgBj3C2U&si=scHDiTuLXSEQ9qHqLinkedIn Page: https://www.linkedin.com/company/down-the-security-rabbithole-podcast/X/Twitter: https://twitter.com/dtsr_podcast